How to Install ownCloud with a Self-Signed SSL Certificate

ownCloud is great. It’s basically like Dropbox, but with one huge difference: you host the software and data yourself. This gives you complete control over your stuff, and now that VPSs and even dedicated servers are getting cheaper and cheaper, the setup is more affordable than ever. For example, the French hosting company Online.net offers a small dedicated server with 500 GB HDD for just 5€/month (excl. tax).

The files on your ownCloud server can be accessed through a web browser, but ownCloud also provides automatically syncing desktop clients for Mac, Linux and Windows. In addition to that, there are official clients for iOS and Android as well. Read more about ownCloud’s features here.

In this tutorial I will go through the complete setup of ownCloud on a Debian (7.0, x64) VPS. It will use a self-signed SSL certificate to secure file transmission, but it will also encrypt ownCloud files locally. The VPS in the example is from DigitalOcean with the hostname owncloud.turunen.pro.

Getting started

First, you will have to obtain ownCloud’s release key. After you have downloaded and added the key, the file can be erased from /tmp. Please note that all commands will be run as root.

Add ownCloud repository to the apt source list, update package lists, and install ownCloud with all its dependencies. The MySQL installer will ask for a root password, so choose a strong one and store it someplace safe.

If, for some reason, you would like to use a bigger key, modify rsa:2048 in the command to rsa:4096. I’d argue that a key length of 2048 bits is sufficient enough for this purpose — at least for the time being. Keep in mind that 4096 bits is tough on the CPU and makes communication slower.

If you want your cert to be valid for a custom number of days, modify the -days argument.

Finishing up

Click on your name on the upper right corner and select Admin. In the security settings put a check on Enforce HTTPS. This will ensure that http requests will be redirected to https and all communication with your ownCloud server will be done over a secure connection.

Final step: enabling local file encryption. From the upper left corner click on the down arrow and select Apps. From the side bar select Not enabled. Find Server-side Encryption from the list and click Enable.

Log out from ownCloud and log back in. All files will now be encrypted when stored.

Done.

That’s it. You now have a fully functioning and secure cloud storage server that YOU control.

I hope you found this tutorial useful. Leave a comment below if you have any questions! You may also tweet me @eeturunen.